Here’s a small script I threw together to check the number of DHCP leases on an Ubiquiti EdgeRouter. It’s made for use with Nagios.
It basically connects to the router via SSH, executes show dhcp leases and returns OK, WARNING, or CRITICAL depending on how many leases exist. See the comments for a little bit of documentation.
Download: check_er_dhcp_leases.sh
Continue reading Nagios – Checking DHCP Leases with Ubiquiti EdgeRouter
Summer is upon us here in Denver and it’s time to start planting vegetables.
This year, Niki and I decided to try out a raised garden bed. I decided to go with a simple, 3 foot by 8 foot box, made out of 2″x8″ lumber. Below is the quick plan I drew up:
This is just a simple garden box that allows 8ish inches deep of soil. Lag screws hold the sides together, and the soil will keep the box from moving.
Next up, we needed an easy way to water the plants. Denver is in an arid climate, and we don’t want to waste water. The best thing to do is to get the water right to the roots of your plants. For that, we turn to a system developed in Utah.
Jeffrey Banks, out of Juab County in Utah, put together a wonderful document detailing a system they’ve been using. The system is inexpensive and very flexible.
The ingredients:
The 3/4″ PVC runs along one of the long sides of the box. I cut it into seven 12″ sections. The 3/4″x1/2″ elbow is glued on the very end, with each section separated by the tee fittings. These fittings are glued. At the far end, a pair of street elbows are attached to a ball valve and a garden hose fitting.
The ball valve helps control the rate of flow. Eventually, as more beds are added, they will be interconnected and the ball valves can control where water goes as needed.
The short pipes are called laterals, and are made from the 1/2″ PVC. One pipe is usually sufficient to water two rows. I follows the directions from the Juab County system document, and drilled 1/16″ holes every 6 inches for rows beans and other stuff. For the squash, I grouped three holes together, 2 inches apart right next to the mounds. Since these are spread further apart, only one later is used for each row.
Controlling the flow rate is essential. This is where the ball valve comes in really handy. I can fully open the spigot at the house, then use the ball valve to restrict the flow going into the pipes. As you can see above, the system is less drip and more trickle irrigation.
Time will tell how well the system works. Based on the results seen in Juab county though, I have a good feeling that it will work well.
The following is a script I wrote that will take snapshots of a BtrFS subvolume and name them in a convention that works with Samba‘s VFS shadow_copy module.
I love graphs. Just ask my wife. Any sort of metric I can get my hands on, I try to graph and display visually.
One of my favorite tools for graphing data is Cacti. As such, if it can be queried via SNMP, I want it on Cacti.
I have an HP MSM430 access point that I use in our home. It presents quite a bit of data via SNMP. I’ve developed some Cacti templates that can be used to graph average SNR for a station (a station is an SSID on an individual radio), as well as the number of users connected to a station.
Find it on github: https://github.com/shouptech/hp-msmAP-cacti
With the latest release of firmware (1.6) for Ubiquiti EdgeRouter devices, you can now use DHCPv6-PD with only modifying the device config.
It works with Comcast’s IPv6. Here’s my config to get you going:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 |
firewall { all-ping enable broadcast-ping disable ipv6-name client6-in { default-action accept description "Clients to other nets" } ipv6-name client6-local { default-action accept description "Clients to router" } ipv6-name wan6-in { default-action drop description "WAN IPv6 to networks" enable-default-log rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow icmpv6" protocol ipv6-icmp } } ipv6-name wan6-local { default-action drop description "WAN inbound to router" enable-default-log rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 ICMP" protocol ipv6-icmp } rule 40 { action accept description "Allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name client-in { default-action accept description "Clients to other net" } name client-local { default-action accept description "Clients to router" } name wan-in { default-action drop description "Internet to local net" rule 1 { action accept description "Allow established/related" log disable state { established enable related enable } } rule 2 { action drop description "Drop inavlid state" log enable state { invalid enable } } } name wan-local { default-action drop description "Internet to Router" rule 1 { action accept description "Allow established/related" log disable state { established enable related enable } } rule 2 { action drop description "Drop invalid state" log enable state { invalid enable } } rule 5 { action accept description "ICMP 50/m" limit { burst 1 rate 50/minute } log enable protocol icmp } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address 10.0.0.1/24 description Clients duplex auto firewall { in { ipv6-name client6-in name client-in } local { ipv6-name client6-local name client-local } } speed auto } ethernet eth1 { address dhcp description WAN dhcpv6-pd { pd 0 { interface eth0 { host-address ::1 prefix-id :1 service slaac } prefix-length 60 } rapid-commit enable } duplex auto firewall { in { ipv6-name wan6-in name wan-in } local { ipv6-name wan6-local name wan-local } } speed auto } ethernet eth2 { disable duplex auto speed auto } loopback lo { } } service { dhcp-server { disabled false hostfile-update disable shared-network-name wired-eth0 { authoritative disable description "Wired Nework eth0" subnet 10.0.0.1/24 { default-router 10.0.0.1 dns-server 10.0.0.1 lease 86400 ntp-server 10.0.0.1 start 10.0.0.150 { stop 10.0.0.199 } } } } dns { forwarding { cache-size 150 listen-on eth0 system } } gui { https-port 443 } nat { rule 5010 { log disable outbound-interface eth1 protocol all type masquerade } } ssh { port 22 protocol-version v2 } } system { config-management { commit-revisions 50 } conntrack { expect-table-size 2048 hash-size 32768 modules { sip { disable } } table-size 262144 timeout { icmp 30 other 600 udp { other 60 stream 300 } } } domain-name home host-name fw login { user **** { authentication { encrypted-password ***** plaintext-password "" } level admin } } name-server 8.8.8.8 name-server 8.8.4.4 name-server 2001:4860:4860::8888 name-server 2001:4860:4860::8844 ntp { server 0.us.pool.ntp.org { } server 1.us.pool.ntp.org { } server 2.us.pool.ntp.org { } server 3.us.pool.ntp.org { } } offload { ipsec enable ipv4 { forwarding enable } ipv6 { forwarding enable } } package { repository squeeze { components "main contrib non-free" distribution squeeze password "" url http://http.us.debian.org/debian username "" } repository squeeze-security { components main distribution squeeze/updates password "" url http://security.debian.org username "" } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone America/Denver } |
I’m a bit late on this announcement.
Amelia Shoup was born at the end of October.
Universal Media Server originally started as a fork of PS3 Media Server. It is a great DLNA server for Linux. It has a large device support among other features. In our home, it is used to stream from our media server in the basement to the PS3 in the living room.
The following steps will get it installed in a headless fashion on CentOS 7. They should also be easily adapted for any recent versions of Fedora. The biggest difference from this guide and others I’ve seen is I provide a service file for systemd.
Install Prerequisites
|
1 2 |
$ sudo yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm $ sudo yum install http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm |
|
1 |
$ sudo yum install mplayer mencoder ffmpeg mediainfo |
Install the files for UMS
|
1 2 3 |
$ tar zxf UMS-4.2.2-Java7.tgz $ sudo mv ums-4.2.2 /opt $ sudo ln -s /opt/ums-4.2.2 /opt/ums |
|
1 2 |
$ sudo mkdir /etc/ums $ sudo cp UMS.conf WEB.conf /etc/ums |
|
1 2 3 |
$ sudo useradd -d /opt/ums -s /sbin/nologin ums $ sudo chown -R ums:ums /opt/ums-4.2.2 $ sudo chown -R ums:ums /etc/ums |
Systemd configuration
Systemd is the init system in CentOS 7 and the more recent versions of Fedora. It will be utilized to start UMS on startup, as well as provide easy logging of events.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
[Unit] Description=Universal Media Server [Service] Type=simple Environment="UMS_PROFILE=/etc/ums/UMS.conf" User=ums Group=ums ExecStart=/opt/ums/UMS.sh [Install] WantedBy=multi-user.target |
|
1 2 3 |
$ sudo systemctl daemon-reload $ sudo systemctl enable ums $ sudo systemctl start ums |
|
1 2 3 4 5 6 7 |
$ sudo systemctl status ums ums.service - Universal Media Server Loaded: loaded (/etc/systemd/system/ums.service; enabled) Active: active (running) since Sun 2014-11-30 19:12:20 MST; 32min ago Main PID: 12912 (java) CGroup: /system.slice/ums.service └─12912 java -Xmx768M -Xss2048k -Dfile.encoding=UTF-8 -Djava.net.p... |
Open the firewall
Unless you’ve already mucked with the defaults, the CentOS firewall should be up and running, and likely only allowing port 22/tcp in. You will need to open some holes in the firewall.
Let’s first look at the ports that UMS uses:
|
1 2 3 4 |
$ sudo netstat -pln | grep java tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 12912/java tcp 0 0 10.0.0.204:5001 0.0.0.0:* LISTEN 12912/java udp 0 0 0.0.0.0:1900 0.0.0.0:* 12912/java |
Unless you’ve changed anything, by default, those are 5001/tcp, 9001/tcp and 1900/udp. Port 9001/tcp is optional. Enable it if you want to browse your media via a web browser. Let’s utilize the firewall-cmd utility to poke the holes:
|
1 2 3 |
$ sudo firewall-cmd --get-active-zones internal interfaces: eth0 |
|
1 2 3 4 5 6 7 8 |
$ sudo firewall-cmd --add-port=5001/tcp --zone=<zone> --permanent success $ sudo firewall-cmd --add-port=9001/tcp --zone=<zone> --permanent success $ sudo firewall-cmd --add-port=1900/udp --zone=<zone> --permanent success $ sudo firewall-cmd --reload success |
|
1 2 |
$ sudo firewall-cmd --list-ports --zone=<zone> 5001/tcp 9001/tcp 1900/udp |
Congrats! You’re done! Launch your DLNA client (or PS3 as it were) and make sure things are working. Utilize journalctl to gather diagnostic information if things aren’t working right.
Update: I’ve made some changes in the systemctl setup and noted that port 9001 is optional. These were at the advice of Vallimar on the UMS forums. Thanks!
Weather started out cool. Wore my new long sleeved Novara jersey for the first time and needed my full fingered gloves.
Headed west via 26th Avenue and 32nd Avenue. Passed and was passed by many cyclists. Lots of groups out. I rode by a rather large one gathering at a church at 32nd Ave and McIntyre St. As I went by the Coor’s brewery, they went past me in a rather spirited fashion. They looked like they were having fun and ready to climb Lookout Mountain (I’ll do that one of these days).
Got to Vanover park in Golden. The leaves were falling on a couple of trees and presented an excellent photo op.
After a brief rest, turned my bike back around and went up Clear Creek. According the RideWithGPS app on my phone, I reached 37.5 MPH on a downhill section of this. If that’s true, I think that’s my record on a bicycle. Fortunately, the trail was completed devoid of other humans at that time.
Once I reached the I-70 underpass along the Clear Creek trail, I took a moment to debate if I wanted to keep heading up it, or head back home on the roads. I took the road option.
Turned down the Youngfield Service Rd and headed back east on 32nd Ave. At some point I ended up on 26th Ave and headed home.
Leave your bicycle unattended anywhere, and you’re going to worry about someone walking away with it. It’s important to have a good strategy for locking bicycles.
Many locking strategies often consist of carrying multiple items to lock your bike, such as multiple locks, or supplementing your lock(s) with cables. This is necessary because parts on modern bicycles are made to be easily removed, which is the opposite of what you want if you need to leave your bike unattended.
The ring lock, or frame lock, is not seen very often in the United States. Very common in Europe, the ring lock usually attaches to the seat stays, and immobilizes the bike by placing a metal rod through the wheel’s spokes. My primary commuter bicycle is equipped with one, and it is my favorite lock ever.
What’s great about the ring lock, the lock is always with my bicycle. I can put my key in it and immediately immobilize my bicycle. Great for quick trips.
Also, many ring locks like the ABUS Amparo pictured above have cables and chains you can plug into the side. This allows you to secure your bicycle to a stationary object such as a bike rack. Combine it with anti-theft skewers (such as Velo Orange’s) and you have a pretty decent bicycle theft prevention system.
Unfortunately, these are pretty difficult to obtain in the states.
Most cyclists in America are aware that the Netherlands is a cycling country. So much so, that nationwide, 27% of all trips in the Netherlands are by bicycle. Digest that statistic for a moment. That means, over one quarter of all trips in the Netherlands are by bicycle. So how’d the Dutch arrive there?
A lot of articles on the subject point to a movement in the 1970s calls “Stop de Kindermoord” which literally translates to English as “Stop the Child Murder.” The following is a quote from David Hembrow on a blog post of his:
1973 was also the year that the pressure group “Stop de Kindermoord” (“Stop the Child Murder”) started. The object of this group was to point out the number of deaths caused to children and to campaign to reduce them. They successfully influenced the Dutch government to re-emphasize building of segregated cycle paths, and to make money available to pay for them. This resulted in both a rise in cycling and a reduction in cyclist deaths, reversing the previous trend. It has been a success not only for child cyclists, but for all cyclists, and indeed for the population as a whole.
In my opinion, campaigning for children is the best way to make progress in America. People for Bikes has recently taken this idea and started their own campaign: Build it for Isabella. It’s a simple concept: “Every new bike project should strive to be usable by a 12-year old.”
Here’s Isabella:
When considering current designs of infrastructure in the Denver area, I have a hard time imagining Isabella riding on most of our infrastructure.
For example, can you envision her sharing the road when sharrows are involved?
What about even buffered bike lanes like this?
Or is this more like it?
The above looks like something Isabella could safely ride on, if she’s heading toward the photo. But what about the bike lane for those riding away from the photo?
I would also like to point out that protected tracks like pictured above are not enough. Protected intersections are also necessary. The Bannock cycle track posted above abruptly ends, leaving Isabella on the sidewalk, mixing with pedestrians and riding through crosswalks. (The sign in the photo below cautioning cyclists to slow has since been removed.) There is no clear indication of where she can safely ride from here.
We even have here in Denver, the first of what cycling advocates are calling a protected lane in the form of the 15th Street Bikeway. It has many positive design elements, such as:
Here again though, the design has serious deficiencies that would keep Isabella’s parents from considering it safe for her:
Denver can and should do better. If we ever want to cycling to reach double digits modal share, or to see our children cycling like the Dutch we need to do better. This video is something that I think we can achieve in American cities: